Security Code Reviewer (Security Engineer)

Computer World Services Corp. (CWS)

Springfield (VA)

Hybrid

USD 80,000 - 110,000

Full time

8 days ago

Job summary

An established industry player is seeking a Security Code Reviewer to ensure the security and resilience of code deployed within government applications. The ideal candidate will possess a strong understanding of software development and security vulnerabilities, with the ability to identify and remediate risks in source code. This hybrid role involves collaborating with development teams to implement secure coding practices, conducting detailed code reviews, and staying current on emerging security threats. Join a forward-thinking organization committed to excellence in security and software development.

Qualifications

  • 6+ years of experience in software development and security code reviews.
  • Strong understanding of security vulnerabilities and remediation techniques.
  • Experience with static and dynamic application security testing tools.

Responsibilities

  • Perform detailed security code reviews for new and existing applications.
  • Identify and document security vulnerabilities in source code.
  • Collaborate with development teams to promote secure coding practices.

Skills

Python
Go
Java
Security Vulnerabilities
Secure Coding Practices
Version Control
Continuous Integration

Education

Bachelor's Degree

Tools

JIRA
Confluence
Git
CI/CD Tools

Job description

The Security Code Reviewer ensures that all code deployed within the government applications and systems is secure, resilient to attacks, and compliant with best security practices. The Security Code Reviewer will be responsible for following secure coding practices regardless of programming language or application of the resultant work. The ideal candidate will have a strong understanding of software development, security vulnerabilities, and an ability to identify and remediate risks within the source code.

The Security Code Reviewer may also apply process improvement, reengineering methodologies, and internet-related methodologies and principles to conduct process modernization projects. The role is responsible for transitioning existing organizations or project teams toward accomplishing the organization’s goals or project activities and objectives through improved use of automated processes. The Security Code Reviewer may support activity and data modeling, development of modern business methods, identification of best practices, and creating and assessing performance measurements.

Expert knowledge of the following areas is required:

• Specialized experience with Python, Go, and Java programming languages.

• Architecting and developing web applications using Python data analysis tools/libraries.

• Working with relational databases and APIs.

• Deploying applications using continuous-integration tools/techniques.

• Experience in managing and deploying Python applications in Linux.

• Reviews code created by other developers; provides feedback and guidance on best practices; identifies and remediates security vulnerabilities; optimizes code for efficiency and performance.

• Build JavaScript functions that will work in multiple browsers (cross-browser) on a STIG-compliant platform.

• Be excellent with code version control and configuration management of existing and future web pages and supporting elements.

• Perform testing, debugging, and phased production releases.

Key Tasks and Responsibilities

• Perform detailed security code reviews for new and existing software applications.

• Review code for vulnerabilities, security flaws, and potential exploits.

• Identify security weaknesses within code related to input validation, authentication, authorization, session management, and cryptographic implementations.

• Write detection logic to catch violative content at scale.

• Work with development teams to ensure secure coding practices are implemented in every sprint.

• Identify and document security vulnerabilities in source code.

• Provide actionable recommendations to mitigate security risks, including code fixes, design adjustments, and architectural changes.

• Ensure timely remediation of identified security issues and track the progress of resolution.

• Promote secure coding practices and guidelines within the development team.

• Stay current on emerging security threats, vulnerabilities, and industry trends.

• Conduct security training sessions or workshops for developers to enhance their awareness of security vulnerabilities (e.g., OWASP Top 10).

• Collaborate with developers, security engineers, and other stakeholders to align security objectives.

• Create detailed security reports on code assessments and risk analysis.

• Work with project managers and team leads to prioritize security tasks and vulnerabilities based on severity and business impact.

• Utilize various static and dynamic analysis tools to automate security code review processes.

• Assist in the development or improvement of internal security scanning tools and techniques.

• Evaluate the effectiveness of security measures and recommend improvements for future projects.

• Continuously improve the security review process and ensure it aligns with industry standards and regulatory requirements.

Education & Experience

• Bachelor's degree or higher and 6 years of experience.

The ideal candidate should be able to demonstrate working knowledge of several of the following concepts or technologies:

• Software engineering principles and practices in areas such as requirements, design, construction, testing, maintenance, and configuration management.

• Proven experience in reviewing the security of software code in multiple programming languages (e.g., Python, Go, Java, etc.) within front-end and back-end system environments.

• In-depth knowledge of common security vulnerabilities and their mitigations (e.g., OWASP Top 10, SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), etc.).

• Experience with secure coding practices and code review methodologies.

• Familiarity with static and dynamic application security testing tools.

• Strong understanding of encryption algorithms and cryptography standards.

• Familiarity with version control systems (e.g., Git, SVN) and CI/CD pipeline integration.

• Experience with security frameworks and industry best practices (e.g., NIST, ISO 27001, etc.).

• JIRA/Confluence

• DevOps

• Agile/Scrum Methodologies

Certifications

• Relevant commercial certifications desired (Security+, Certified Scrum Developer (CSD), Certified Secure Software Lifecycle Professional (CSSLP), Certified Software Development Professional (CSDP), etc.)

Security Clearance

• Candidate must possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance.

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

• This position is a hybrid role with travel 1 to 2 days a week to the Springfield, VA office.

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at [Phone number shown when applying] or [Link available when viewing the job].
